Evasion and Detection of Metamorphic Viruses

Abstract

Metamorphic viruses mutate their own code to produce viral copies that are syntactically different from their parents but functionally equivalent. The viral copies thus produced may have different signatures, rendering signature-based virus scanners unreliable. New-age anti-virus products employ a combination of signature scanning and heuristic techniques to defeat such viruses.
In this project, a metamorphic engine that uses code obfuscation techniques is implemented to bypass commercial scanners. A set of anti-heuristic strategies is used to evade code emulation and heuristic detection. With a combination of the above techniques, the detection rate of a well-known sample virus is reduced significantly. Finally, a brief comparative study of major commercial anti-virus software is performed with respect to their detection capability.